Working on a way to send a one-time link for attachment viewing

7 years ago · 9ed6b33077
parent 3c5722c6d7
commit 9ed6b33077
3 changed files with 36 additions and 0 deletions
--- a/api/BusinessLogic/Security/UserContext.php
+++ b/api/BusinessLogic/Security/UserContext.php
@ -55,6 +55,10 @@ class UserContext {
    /* @var $active bool */
    public $active;

+    function isAnonymousUser() {
+        return $this->id === -1;
+    }
+
    /**
     * Builds a user context based on the current session. **The session must be active!**
     * @param $dataRow array the $_SESSION superglobal or the hesk_users result set
@ -103,4 +107,10 @@ class UserContext {

        return $userContext;
    }
+
+    static function buildAnonymousUser() {
+        $userContext = new UserContext();
+        $userContext->id = -1;
+        return $userContext;
+    }
 }
--- a/api/Controllers/Attachments/StaffTicketAttachmentsController.php
+++ b/api/Controllers/Attachments/StaffTicketAttachmentsController.php
@ -31,6 +31,12 @@ class StaffTicketAttachmentsController {
        }
    }

+    private static function staticVerifyAttachmentsAreEnabled($heskSettings) {
+        if (!$heskSettings['attachments']['use']) {
+            throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
+        }
+    }
+
    function post($ticketId) {
        global $hesk_settings, $applicationContext, $userContext;

@ -67,4 +73,13 @@ class StaffTicketAttachmentsController {

        return http_response_code(204);
    }
+
+    static function inline($ticketId, $attachmentId) {
+        global $hesk_settings, $applicationContext, $userContext;
+
+        self::staticVerifyAttachmentsAreEnabled($hesk_settings);
+
+        /* @var $attachmentRetriever AttachmentRetriever */
+        $attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
+    }
 }
--- a/api/index.php
+++ b/api/index.php
@ -16,8 +16,17 @@ function handle404() {
 }

 function before() {
+    global $userContext;
+
    assertApiIsEnabled();

+    $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+
+    if (preg_match('/^.*\/v1-public\/staff\/inline-attachment\/\d+$/', $path)) {
+        $userContext = \BusinessLogic\Security\UserContext::buildAnonymousUser();
+        return;
+    }
+
    $internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');

    if ($internalUse === 'true') {
@ -178,6 +187,8 @@ Link::all(array(
    // Attachments
    '/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
    '/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
+    '/v1-internal/staff/tickets/{i}/attachments/{i}/inline' => \Controllers\Attachments\StaffTicketAttachmentsController::class . '::buildInline',
+    '/v1-public/staff/inline-attachment/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class . '::viewInline',
    // Statuses
    '/v1/statuses' => \Controllers\Statuses\StatusController::class,
    // Settings